SaTC: CORE: Medium: Protecting Confidentiality and Integrity of Deep Neural Networks against Side-Channel and Fault Attacks

SaTC：核心：中：保护深度神经网络的机密性和完整性免受侧通道和故障攻击

• 批准号: 1929300
• 负责人: Yunsi Fei
• 金额: $ 120万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1929300&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Protecting; Confidentiality

Deep learning (DL) has become a foundational means for solving diverse problems ranging from computer vision, natural language processing, digital surveillance to finance and healthcare. Security of the deep neural network (DNN) inference engines and trained DNN models on various platforms have become one of the biggest challenges in deploying artificial intelligence. Confidentiality breaches of the DNN model can facilitate manipulations of the DNN inference, resulting in potentially devastating consequences. This project aims to promote broader applications of DNNs in security-critical scenarios by ensuring secure execution of DNN inference engines against side-channel and fault injection attacks.The project is composed of three salient and interdependent thrusts. SpyNet will study vulnerability of DNNs implemented on mainstream platforms to model reverse engineering via passive side-channel attacks. DisruptNet will investigate the feasibility of active fault injection attacks to disrupt execution of DNN inference engines, and SecureNet will identify protection, detection, and hardening mechanisms for secure execution of DNN inference engines. This project may deepen the understanding of inherent information leakage and fault tolerance of DNN models. The unprecedented rise of DL technology in diverse application domains has rendered secure execution, primarily confidentiality and integrity, a top priority. This project significantly advances the state-of-the-art on DL implementations, computer architecture and heterogeneous systems, hardware security, and formal methods/verification. Research results and insights on secure DNN design techniques will be incorporated into courses developed by the researchers. The interdisciplinary research will provide unique training and opportunities for graduate and undergraduate students, and industry partners through a newly established Industry-University Collaborative Research Center. The project will leverage the Experiential Education model of Northeastern University to engage undergraduates, women, and minority students in independent research projects.All the attack library, metrics, methodologies, and software tools will be made available to the public on a dedicated project Website (https://tescase.coe.neu.edu), and the protected and hardened DL models will be released to GitHub to facilitate community usage. The repository will be maintained during and beyond the project.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

深度学习（DL）已成为解决从计算机视觉、自然语言处理、数字监控到金融和医疗保健等各种问题的基本手段。深度神经网络（DNN）推理引擎和各种平台上训练的DNN模型的安全性已成为部署人工智能的最大挑战之一。DNN模型的机密性破坏可以促进DNN推理的操纵，从而导致潜在的破坏性后果。该项目旨在通过确保DNN推理引擎的安全执行来防止侧信道和故障注入攻击，从而促进DNN在安全关键场景中的更广泛应用。该项目由三个突出且相互依赖的目标组成。SpyNet将研究在主流平台上实现的DNN的脆弱性，以通过被动侧信道攻击来模拟逆向工程。DisruptNet将研究主动故障注入攻击破坏DNN推理引擎执行的可行性，SecureNet将确定DNN推理引擎安全执行的保护，检测和强化机制。该项目可以加深对DNN模型固有的信息泄漏和容错的理解。DL技术在不同应用领域的空前崛起，使得安全执行（主要是机密性和完整性）成为重中之重。该项目显著推进了DL实现，计算机体系结构和异构系统，硬件安全和形式化方法/验证的最新技术。安全DNN设计技术的研究成果和见解将被纳入研究人员开发的课程中。跨学科研究将通过新成立的产学合作研究中心为研究生和本科生以及行业合作伙伴提供独特的培训和机会。该项目将利用东北大学的体验式教育模式，吸引本科生、女性和少数民族学生参与独立的研究项目。所有的攻击库、指标、方法和软件工具将在专门的项目网站（https：//www.example.com）上向公众开放，受保护和加固的DL模型将发布到GitHub，以促进社区使用。tescase.coe.neu.edu这个奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Characteristic Examples: High-Robustness, Low-Transferability Fingerprinting of Neural Networks

• DOI: 10.24963/ijcai.2021/80
• 发表时间: 2021-08
• 作者: Siyue Wang;Xiao Wang;Pin-Yu Chen;Pu Zhao;Xue Lin

High-Robustness, Low-Transferability Fingerprinting of Neural Networks

• 发表时间: 2021-05
• 期刊: ArXiv
• 作者: Siyue Wang;Xiao Wang;Pin-Yu Chen;Pu Zhao;Xue Lin

Stealthy-Shutdown: Practical Remote Power Attacks in Multi - Tenant FPGAs

隐形关闭：多租户 FPGA 中的实用远程电源攻击

• DOI: 10.1109/iccd50377.2020.00097
• 发表时间: 2020
• 期刊: IEEE International Conference on Computer Design: VLSI in Computers and Processors
• 作者: Luo, Yukui;Gongye, Cheng;Ren, Shaolei;Fei, Yunsi;Xu, Xiaolin
• 通讯作者: Xu, Xiaolin

EMShepherd: Detecting Adversarial Samples via Side-channel Leakage

• DOI: 10.1145/3579856.3582827
• 发表时间: 2023-03
• 期刊: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security
• 作者: Ruyi Ding;Gongye Cheng;Siyue Wang;A. A. Ding-A.;Yunsi Fei

Detection and Recovery Against Deep Neural Network Fault Injection Attacks Based on Contrastive Learning

• DOI: 10.48550/arxiv.2401.16766
• 发表时间: 2024-01
• 期刊: ArXiv
• 作者: Chenan Wang;Pu Zhao;Siyue Wang;Xue Lin